392{
395 gss_buffer_desc *recv_tokenp, send_token;
396 OM_uint32 maj_stat, min_stat, call_stat, ret_flags;
397
399
401
404
405
406 memset(&gr, 0,
sizeof(gr));
407 recv_tokenp = GSS_C_NO_BUFFER;
408
409#ifdef DEBUG
411#endif
412
413 for (;;) {
414#ifdef DEBUG
415
416 if (recv_tokenp != GSS_C_NO_BUFFER) {
417 log_debug(
"The token we just received (length %d):",
418 recv_tokenp->length);
419 log_hexdump(recv_tokenp->value, recv_tokenp->length, 0);
420 }
421#endif
422 maj_stat = gss_init_sec_context(&min_stat,
428 0,
430 recv_tokenp,
432 &send_token,
433 &ret_flags,
435
436 if (recv_tokenp != GSS_C_NO_BUFFER) {
437 gss_release_buffer(&min_stat, &gr.gr_token);
438 recv_tokenp = GSS_C_NO_BUFFER;
439 }
440 if (maj_stat != GSS_S_COMPLETE &&
441 maj_stat != GSS_S_CONTINUE_NEEDED) {
442 log_status(
"gss_init_sec_context", maj_stat, min_stat);
443 break;
444 }
445 if (send_token.length != 0) {
446 memset(&gr, 0,
sizeof(gr));
447
448#ifdef DEBUG
449
450 log_debug(
"The token being sent (length %d):",
451 send_token.length);
452 log_hexdump(send_token.value, send_token.length, 0);
453#endif
454
457 &send_token,
460
461 gss_release_buffer(&min_stat, &send_token);
462
464 (gr.gr_major != GSS_S_COMPLETE &&
465 gr.gr_major != GSS_S_CONTINUE_NEEDED))
467
468 if (gr.gr_ctx.length != 0) {
469 if (gd->
gc.gc_ctx.value)
470 gss_release_buffer(&min_stat,
472 gd->
gc.gc_ctx = gr.gr_ctx;
473 }
474 if (gr.gr_token.length != 0) {
475 if (maj_stat != GSS_S_CONTINUE_NEEDED)
476 break;
477 recv_tokenp = &gr.gr_token;
478 }
480 }
481
482
483
484
485 if (maj_stat == GSS_S_COMPLETE) {
486 gss_buffer_desc bufin;
487 gss_buffer_desc bufout;
488 u_int seq, qop_state = 0;
489
490 seq =
htonl(gr.gr_win);
491 bufin.value = (unsigned char *)&seq;
492 bufin.length = sizeof(seq);
495
496 maj_stat = gss_verify_mic(&min_stat, gd->
ctx,
497 &bufin, &bufout, &qop_state);
498
499 if (maj_stat != GSS_S_COMPLETE
500 || qop_state != gd->
sec.qop) {
501 log_status(
"gss_verify_mic", maj_stat, min_stat);
502 if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
505 }
507 }
512 break;
513 }
514 }
515
517 if (gr.gr_token.length != 0)
518 gss_release_buffer(&min_stat, &gr.gr_token);
519
523
525 }
527}
static void authgss_destroy()
void log_hexdump(bool_t on, const u_char *title, const u_char *buf, int len, int offset)
void print_rpc_gss_sec(struct rpc_sspi_sec *ptr)
bool_t xdr_rpc_gss_init_res(XDR *xdrs, struct rpc_gss_init_res *p)
bool_t xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p)